David Dai Shu, ZTE’s director of global public affairs, comments, "It is noteworthy that, after a year-long investigation, the Committee rests its conclusions on a finding that ZTE may not be ‘free of state influence.’ This finding would apply to any company operating in China. The Committee has not challenged ZTE’s fitness to serve the US market based on any pattern of unethical or illegal behavior."

ZTE describes itself as "China’s most transparent, independent, globally focused, publicly traded telecom company", arguing it "set an unprecedented standard for cooperation by any Chinese company with a US congressional inquiry."

Mr. Dai Shu adds, "ZTE recognizes and fully respects the Committee’s obligation to protect US national security. ZTE believes the Committee focused its examination too narrowly on vendor locations not on equipment security. The Committee omitted the Western vendors and their Chinese manufacturing partners, which provide most of the US equipment now in use. The Committee also overlooked the opportunity to advance universal application of the Trusted Delivery Model which protects critical telecom networks on a vendor-neutral basis."

ZTE points out that the iPhone and other "U.S." devices are also made in China, and, in theory, equally at risk. It says if its products should be banned, so should Apple, et al.'s.

He argues, "Particularly given the severity of the Committee’s recommendations, ZTE recommends that the Committee’s investigation be extended to include every company making equipment in China, including the Western vendors. That is the only way to truly protect US equipment and US national security. National security experts agree that a Trusted Delivery Model will strengthen national security. In fact, major US carriers are increasingly requiring Trusted Delivery Model in their contracts."

ZTE does make a compelling argument. If the panel is arguing that large Chinese manufacturers can be coerced by the Chinese government to including hidden spying features in their products, why couldn't Foxconn -- Hon Hai Precision Industry Co Ltd.'s (TPE:2317) massive Chinese manufacturing subsidiary -- put the same kind of spying features inside iPhones or other U.S.-designed smartphones.

II. ZTE's Iran Secrets

However, ZTE may not be quite as transparent as it says. The company is in a difficult spot as it insists on doing business both with the U.S. and Iran. But U.S. trade laws tightly regulate what U.S. made products can be sent to nations viewed as hostile -- and that includes Iran.

The Iran controversy adds a tricky wrinkle to the ZTE debate. ZTE certainly does seem to have behaved less-than-honestly, according to reports, trying to obfuscate the fact that it was funneling (intentionally or unintentionally) small quantities of U.S. telecommunications components to Iran.

On the one hand, the Iran controversy and the question of Chinese spying are two separate issues. On the other hand, the Iran controversy could be indicative of general opportunism and dishonesty at ZTE, which could lead to the kind of spying Congress is concerned about. As former U.S. President George W. Bush says, "There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again."

it seems to me that it's pretty easy for Apple (or other phonemakers in the US market) to see if anyone installed a trojan with the bootloader using a thorough enough memory test. Maybe congress will demand that phones get tested/flashed on US soil before being shipped.

I wonder if it's possible to install imposter memory chips, for example, with hidden data?

Hiding stuff in something you engineer is a lot easier than hiding stuff in something that someone else engineered. Even if they somehow snuck something into, say, the iPhone 5, the minute iFixit ripped one apart it would almost certainly be game over...

No...iFixit only disassembles the product into it's constituent components to figure out what it costs to make. They're not, say, testing the logic in each chip to see if it ever phones home inappropriately...

All I gather from the sum of this article is "relying on foreign countries (particularly antagonistic ones such as China) to manufacture things of great importance to our country's entire infrastructure PROBABLY should be manufactured domestically or with trusted nations where lucrative."

In other words, if you're worried about the Chinese or anyone else spying on your plethora of LANs, perhaps do not operate said LANs with equpiment manufacturerd by culprit parties.

The devices are designed in house, then given to what ever company to manufacture. I work for a company where they had the Chines design and manufacture the product and the thing still doesn't work correctly after 2 years.

The fact is that hardware design is so difficult, that they have very few designers with the experience required to produce American grade components, that they do not have access to the OS code (to incorporate trojens), and do not have specific knowledge about the design aspects of the hardware (outside of what components go where), I doubt that anything could be done to an Apple product without there being noticeable signs. Things like the weight would be off, their would be OS bugs, phantom energy drains. As much as it is true that Apple does not do a great job of testing their software for bugs (like the cellular over WiFi data usage issue) they are quick to dig into and start diagnosing issues reported by their zealous fans.

Android devices might be more susceptible, but the hardware is still built in house. The Chinese manufactures are merely coping the working product.

It is much easier to add spy devices and code while you are building the product then to take a finished product and attempt to inject espionage components.

Of course with Android there is a large vulnerability if the company which did the design is not spot checking the devices to verify that they have the exact OS and software package specified (and the Chinese do not know which ones will be tested so they can send unmodified versions).